[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Rowland Penny
rpenny at samba.org
Fri Sep 30 11:51:26 UTC 2016
On Fri, 30 Sep 2016 13:32:18 +0200
Oliver Werner <oliver.werner at kontrast.de> wrote:
> the interface part is ok. eth0 has a different IP than eth0:35
>
> DCs show me the profiles
>
> unix authentication
> register user session in the systemd….
> inheritable capabilities management
> OLIVER WERNER
> Systemadministrator
>
I use Devuan and I get:

  Kerberos authentication
  Unix authentication
  Winbind NT/Active Directory authentication
  GNOME Keyring Daemon - Login keyring management
  ConsoleKit Session Management
  Inheritable Capabilities Management

Ignore the last three.

You are only using Unix authentication on your domain member and as
you have compiled Samba yourself, you cannot install the distro
packages to fix the winbind part.

First install libpam-krb5, then create a
file: /usr/share/pam-configs/winbind
containing this:

Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
	[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
Auth-Initial:
	[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login
Account-Type: Primary
Account:
	[success=end new_authtok_reqd=done default=ignore] pam_winbind.so
Password-Type: Primary
Password:
	[success=end default=ignore] pam_winbind.so use_authtok try_first_pass
Password-Initial:
	[success=end default=ignore] pam_winbind.so
Session-Type: Additional
Session:
	optional pam_winbind.so

Run 'pam-auth-update' again.

Did you create the libnss_win* links?

Do you require your users to have home directories on the domain
member?

Rowland
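
Added example, not part of Rowland's message or of Samba: a small Python check that parses a pam-configs profile like the one above and reports which generated stack files still lack the modules it declares, which is what you want to confirm after running 'pam-auth-update' again. The shortened profile, the sample stack contents and all function names are constructed for illustration; the common-* file names assume the Debian/Devuan layout.

```python
import re

# Profile section -> /etc/pam.d file that pam-auth-update generates (Debian layout).
STACKS = {"Auth": "common-auth", "Account": "common-account",
          "Password": "common-password", "Session": "common-session"}
MODULE = re.compile(r"\bpam_\w+\.so\b")

def parse_profile(text):
    """Parse 'Field: value' headers; indented lines continue the last field."""
    fields, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and current:
            fields[current].append(raw.strip())
            continue
        m = re.match(r"([A-Za-z-]+):\s*(.*)$", raw)
        if not m:  # e.g. a module line that lost its leading whitespace
            raise ValueError(f"not a field or continuation line: {raw!r}")
        current = m.group(1)
        fields[current] = [m.group(2)] if m.group(2) else []
    return fields

def declared(fields, section):
    """Modules named in a section and its -Initial variant."""
    lines = fields.get(section, []) + fields.get(section + "-Initial", [])
    return {name for line in lines for name in MODULE.findall(line)}

def missing_from_stacks(fields, stacks):
    """Map each stack file to profile modules absent from its active lines."""
    gaps = {}
    for section, fname in STACKS.items():
        active = {n for ln in stacks.get(fname, "").splitlines()
                  if not ln.lstrip().startswith("#") for n in MODULE.findall(ln)}
        lacking = declared(fields, section) - active
        if lacking:
            gaps[fname] = sorted(lacking)
    return gaps

# Constructed sample: a shortened profile and a member whose stacks only have pam_unix.
PROFILE = ("Name: Winbind NT/Active Directory authentication\nDefault: yes\n"
           "Priority: 192\nAuth-Type: Primary\nAuth:\n"
           "\t[success=end default=ignore] pam_winbind.so krb5_auth try_first_pass\n"
           "Session-Type: Additional\nSession:\n\toptional pam_winbind.so\n")
UNIX_ONLY = {"common-auth": "auth [success=1 default=ignore] pam_unix.so nullok\n",
             "common-session": "session required pam_unix.so\n"}

if __name__ == "__main__":
    print(missing_from_stacks(parse_profile(PROFILE), UNIX_ONLY))
```

On a real member, pass the contents of /usr/share/pam-configs/winbind and of the /etc/pam.d/common-* files instead of the constructed samples; an empty result means every declared module is present in its stack.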